Encrypt in C# decrypt in JavaScript
https://stackoverflow.com/questions/1469084
-
16-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am looking for way to encrypt string in C# and to decrypt it using JavaScript. JavaScript in this case is a scripting language for internal system, so I should not worry about people accessing private key/password which will be required for decryption.
Searching online for solution it seems that AES encryption should do the trick. I’ve looked into slowAES and RijndaelManaged solution, but had no luck getting it to work.
I’ve used C# code which Cheeso provided and received identical cipher text. But when I’ve attempted to use slowAES to encrypt same piece of data I’ve received completely different cipher.
var testString = new Array("w", "a", "t", "s", "o", "n", "?");
var test = slowAES.encrypt(testString, slowAES.modeOfOperation.CBC, "12345678901234567890123456789012", slowAES.aes.keySize.SIZE_256, new Array(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0));
alert(test.cipher);
Can someone point me into right direction? I don’t care on the method, as long as I can achieve results. My goal is to take URL for example:
www.test.com/clientid=123
use .NET (C#) to encrypt it to look like
www.test.com/clientid=asdf;lkjsxd;flkjq934857u9duhfgkjhgalsdkjfh
and then use JavaScript to convert it back to
www.test.com/clientid=123
Thanks, ITRushn
Solution 3
I’ve managed to solve my issue using RC4 encryption. You can get more information about implementation on my blog.
OTHER TIPS
Encryption/decryption operations occur on binary data. Therefore, you must preserve that binary data between C# and javascript. Encoding the output as a base64 or hexadecimal string is probably the best way to do that.
Option 1
If your only intent is securing sensitive data between the server and client that is a solved problem, use SSL.
Option 2
given the url www.test.com/clientid=123
use .NET (C#) to encrypt it and to point to a different location: www.mywebserver.com/forward.aspx?url=asdf;lkjsxd;flkjq934857u9duhfgkjhgalsdkjfh
and then in the forward.aspx page, decrypt and redirect to www.test.com/clientid=123
the client then follows the HTTP redirect and prest-o-done. No shared keys, easy to implement, it just works.
Note:
As for your original solution it can not be done securely without COM or some other means of inter-op. The reason I say this is that the JScript would need access to a public/private key pair which, to the best of my knowledge, is not possible. Without a public/private key the server would be required to share a symmetric key with the client. With no means by which to securely transfer this key you have not secured the data, only obfuscated it.
I think the simplest approach would be to use SSL, followed by that of the forwarding URL.
